Description
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/24845
exploitdb
WRITEUP
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/24844
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18496
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110312656029072&w=2
Exploit x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00054-12142004
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11952
Patch vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
Scores
EPSS
0.0321
EPSS Percentile
87.1%
Details
Status
published
Products (11)
phpgroupware/phpgroupware
0.9.12
phpgroupware/phpgroupware
0.9.13
phpgroupware/phpgroupware
0.9.14
phpgroupware/phpgroupware
0.9.14.003
phpgroupware/phpgroupware
0.9.14.005
phpgroupware/phpgroupware
0.9.14.006
phpgroupware/phpgroupware
0.9.14.007
phpgroupware/phpgroupware
0.9.16.000
phpgroupware/phpgroupware
0.9.16.002
phpgroupware/phpgroupware
0.9.16.003
... and 1 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026